[SR-Users] http_async_client problem with tls_ca_path

Giacomo Vacca giacomo.vacca at gmail.com
Thu Nov 2 10:59:37 CET 2017 

Hi Giovanni,
what's the related OS and libcurl versions please?

Regards,
Giacomo

On 2 November 2017 at 09:54, gmele <giovanni.mele at nagra.com> wrote:

> Hello,
>
> I'm having strange behavior with the http_async_client module and https
> connections. Our kamailio config use REST interfaces to send push to mobile
> apps when calls are initiated. We also use a REST interface to register the
> client in our push database (and then be able to use the info to send a
> push). Our REST interface use TLS to cypher exchanged data between the SIP
> registrar and the Pusher service.
>
> We have configured the tls connection using modparam:
>
> # ------ http async client params -------
> modparam("http_async_client", "workers", 16)
> modparam("http_async_client", "connection_timeout", 20000) # 20 seconds
> timeout on HTTP requests
> modparam("http_async_client", "hash_size", 2048) # update this value
> depending of the load
> #modparam("http_async_client", "curl_verbose", 1) # curl debug
> modparam("http_async_client", "tls_ca_path", "/etc/kamailio/ssl/ca")
>
>
> What we have noticed is when there is 1 SIP Register requests triggering
> and
> HTTPS request all works fine, but as soon as we have several HTTPS request
> in //, the HTTPS request fails with curl error 77: curl: (77) Problem with
> the SSL CA cert (path? access rights?).
>
> We tried to put the Root CA Path when building the request:
>
>     $http_req(all) = $null;     # reset the parameters
>     $http_req(method) = "POST";
>     $http_req(hdr) = "authorization: "+$hdr(authorization);
>     $http_req(hdr) = "Content-Type: application/json";
>     $http_req(suspend) = 0;  # don't suspend the transaction, continue
> routing script's execution
>     $http_req(body) = "{ 'pushRegistration':{'callId':'" + $ci + "',
> 'fromUri':'" + $fU + "@" + $fd + "', 'contactLine':'" + $ct + "'}}";
>     $http_req(tls_ca_path) = "/etc/kamailio/ssl/ca/";
>     http_async_query("https://pusher:443/rest/push/register",
> "HTTP_REGISTER_REPLY");
>
> But we have exactly the same behavior.
>
> Does the http_async_client module supports muti-thread?
>
> Regards
>
>
> Giovanni
>
>
>
> --
> Sent from: http://sip-router.1086192.n5.nabble.com/Users-f3.html
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20171102/624ad4e1/attachment.html>

More information about the sr-users mailing list